{"url":"http://public2.vulnerablecode.io/api/packages/149133?format=json","purl":"pkg:composer/microweber/microweber@1.2.19","type":"composer","namespace":"microweber","name":"microweber","version":"1.2.19","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.0.20","latest_non_vulnerable_version":"2.0.20","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46678?format=json","vulnerability_id":"VCID-134y-zfv9-dfdm","summary":"Business Logic Errors in microweber/microweber\nBusiness Logic Errors in GitHub repository microweber/microweber prior to 2.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6832","reference_id":"","reference_type":"","scores":[{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34077","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34064","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34043","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34095","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.3411","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6832"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/890e9838aabbc799ebefcf6b20ba25e0fd6dbfee","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-27T17:05:25Z/"}],"url":"https://github.com/microweber/microweber/commit/890e9838aabbc799ebefcf6b20ba25e0fd6dbfee"},{"reference_url":"https://huntr.com/bounties/53105a20-f4b1-45ad-a734-0349de6d7376","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-27T17:05:25Z/"}],"url":"https://huntr.com/bounties/53105a20-f4b1-45ad-a734-0349de6d7376"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6832","reference_id":"CVE-2023-6832","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6832"},{"reference_url":"https://github.com/advisories/GHSA-qjfx-fvx7-3wvw","reference_id":"GHSA-qjfx-fvx7-3wvw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qjfx-fvx7-3wvw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67588?format=json","purl":"pkg:composer/microweber/microweber@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77rx-sfvr-n3fm"},{"vulnerability":"VCID-ardw-ehgx-2uas"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-e5ez-vpd8-hua1"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-jfpu-15p5-5uhj"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-wyrr-s3f6-wkdu"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zm9t-p349-1bff"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@2.0.0"}],"aliases":["CVE-2023-6832","GHSA-qjfx-fvx7-3wvw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-134y-zfv9-dfdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110416?format=json","vulnerability_id":"VCID-1uhd-zk26-67fq","summary":"Microweber Stored Cross-site Scripting before v1.2.20\nMicrowerber prior to version 1.2.20 is vulnerable to stored Cross-site Scripting (XSS).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2495","reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56371","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56433","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56427","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56422","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56405","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56421","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2495"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/d35e691e72d358430abc8e99f5ba9eb374423b9f","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber/commit/d35e691e72d358430abc8e99f5ba9eb374423b9f"},{"reference_url":"https://huntr.dev/bounties/00affb69-275d-4f4c-b419-437922bc7798","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/00affb69-275d-4f4c-b419-437922bc7798"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2495","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2495"},{"reference_url":"https://github.com/advisories/GHSA-xg72-6c83-ghh4","reference_id":"GHSA-xg72-6c83-ghh4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xg72-6c83-ghh4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/149065?format=json","purl":"pkg:composer/microweber/microweber@1.2.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-134y-zfv9-dfdm"},{"vulnerability":"VCID-1vkt-7xcf-jfdm"},{"vulnerability":"VCID-2s4c-twpg-xfed"},{"vulnerability":"VCID-2v1q-rcbt-skdh"},{"vulnerability":"VCID-34tz-yfnz-pqcj"},{"vulnerability":"VCID-5dvd-bu4g-pkha"},{"vulnerability":"VCID-5udv-gpdc-k3he"},{"vulnerability":"VCID-6h14-edpz-nfaf"},{"vulnerability":"VCID-7aqf-5qq6-9kak"},{"vulnerability":"VCID-7wcg-mtsc-mqa8"},{"vulnerability":"VCID-ardw-ehgx-2uas"},{"vulnerability":"VCID-atxq-nn14-47ap"},{"vulnerability":"VCID-b3qa-cash-tbbs"},{"vulnerability":"VCID-b76c-c1bk-uqhs"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-e5ez-vpd8-hua1"},{"vulnerability":"VCID-eepv-8w3x-a7gn"},{"vulnerability":"VCID-em3c-rjmf-c7bn"},{"vulnerability":"VCID-eyny-kp2f-fqgq"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g3w8-c5z6-1yaz"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-kbqk-a5yu-6bhr"},{"vulnerability":"VCID-kqgb-n43y-muaa"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-r4m7-g754-rkcw"},{"vulnerability":"VCID-r4sr-vyks-4ydt"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-u4de-wy5p-8kcr"},{"vulnerability":"VCID-xx51-cdfq-cucq"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zjzm-apy1-3ycu"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@1.2.20"}],"aliases":["CVE-2022-2495","GHSA-xg72-6c83-ghh4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1uhd-zk26-67fq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45336?format=json","vulnerability_id":"VCID-1vkt-7xcf-jfdm","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3142","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.21035","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20976","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.21021","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.58043","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.58061","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3142"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/42efa981a2239d042d910069952d6276497bdcf1","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T21:09:56Z/"}],"url":"https://github.com/microweber/microweber/commit/42efa981a2239d042d910069952d6276497bdcf1"},{"reference_url":"https://huntr.dev/bounties/d00686b0-f89a-4e14-98d7-b8dd3f92a6e5","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T21:09:56Z/"}],"url":"https://huntr.dev/bounties/d00686b0-f89a-4e14-98d7-b8dd3f92a6e5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3142","reference_id":"CVE-2023-3142","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3142"},{"reference_url":"https://github.com/advisories/GHSA-fqcv-rfp6-wv92","reference_id":"GHSA-fqcv-rfp6-wv92","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fqcv-rfp6-wv92"}],"fixed_packages":[],"aliases":["CVE-2023-3142","GHSA-fqcv-rfp6-wv92"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1vkt-7xcf-jfdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110263?format=json","vulnerability_id":"VCID-2s4c-twpg-xfed","summary":"Microweber vulnerable to cross-site scripting (XSS)\nMicroweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter. There was a patch released in the development branch but is not yet committed to the main branch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0698","reference_id":"","reference_type":"","scores":[{"value":"0.02106","scoring_system":"epss","scoring_elements":"0.84426","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02106","scoring_system":"epss","scoring_elements":"0.84423","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02106","scoring_system":"epss","scoring_elements":"0.8441","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02106","scoring_system":"epss","scoring_elements":"0.84422","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02106","scoring_system":"epss","scoring_elements":"0.84403","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02106","scoring_system":"epss","scoring_elements":"0.84429","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0698"},{"reference_url":"https://fluidattacks.com/advisories/garrix","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://fluidattacks.com/advisories/garrix"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0698","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0698"},{"reference_url":"https://fluidattacks.com/advisories/garrix/","reference_id":"garrix","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T17:34:42Z/"}],"url":"https://fluidattacks.com/advisories/garrix/"},{"reference_url":"https://github.com/advisories/GHSA-79gx-3fm8-qxqq","reference_id":"GHSA-79gx-3fm8-qxqq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-79gx-3fm8-qxqq"},{"reference_url":"https://github.com/microweber/microweber/","reference_id":"microweber","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T17:34:42Z/"}],"url":"https://github.com/microweber/microweber/"}],"fixed_packages":[],"aliases":["CVE-2022-0698","GHSA-79gx-3fm8-qxqq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2s4c-twpg-xfed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46584?format=json","vulnerability_id":"VCID-2v1q-rcbt-skdh","summary":"Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6599","reference_id":"","reference_type":"","scores":[{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57708","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57712","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57695","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57709","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57717","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6599"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/f7eb9e1c6e801346f07f3b0164a01ac5f2ca5cfd","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber/commit/f7eb9e1c6e801346f07f3b0164a01ac5f2ca5cfd"},{"reference_url":"https://huntr.com/bounties/6198785c-bf60-422e-9b80-68a6e658a10e","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.com/bounties/6198785c-bf60-422e-9b80-68a6e658a10e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6599","reference_id":"CVE-2023-6599","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6599"},{"reference_url":"https://github.com/advisories/GHSA-9r6p-hg4g-5gxp","reference_id":"GHSA-9r6p-hg4g-5gxp","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9r6p-hg4g-5gxp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67588?format=json","purl":"pkg:composer/microweber/microweber@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77rx-sfvr-n3fm"},{"vulnerability":"VCID-ardw-ehgx-2uas"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-e5ez-vpd8-hua1"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-jfpu-15p5-5uhj"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-wyrr-s3f6-wkdu"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zm9t-p349-1bff"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@2.0.0"}],"aliases":["CVE-2023-6599","GHSA-9r6p-hg4g-5gxp"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2v1q-rcbt-skdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46120?format=json","vulnerability_id":"VCID-34tz-yfnz-pqcj","summary":"Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5318","reference_id":"","reference_type":"","scores":[{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56255","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56258","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56239","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56262","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56268","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5318"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/c48b34dfd6cae7a55b452280d692dc62512574b0","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:21:58Z/"}],"url":"https://github.com/microweber/microweber/commit/c48b34dfd6cae7a55b452280d692dc62512574b0"},{"reference_url":"https://huntr.dev/bounties/17826bdd-8136-48ae-afb9-af627cb6fd5d","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:21:58Z/"}],"url":"https://huntr.dev/bounties/17826bdd-8136-48ae-afb9-af627cb6fd5d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5318","reference_id":"CVE-2023-5318","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5318"},{"reference_url":"https://github.com/advisories/GHSA-r657-3wqh-g2x9","reference_id":"GHSA-r657-3wqh-g2x9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r657-3wqh-g2x9"}],"fixed_packages":[],"aliases":["CVE-2023-5318","GHSA-r657-3wqh-g2x9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-34tz-yfnz-pqcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46108?format=json","vulnerability_id":"VCID-5dvd-bu4g-pkha","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5244","reference_id":"","reference_type":"","scores":[{"value":"0.28933","scoring_system":"epss","scoring_elements":"0.96658","published_at":"2026-06-05T12:55:00Z"},{"value":"0.28933","scoring_system":"epss","scoring_elements":"0.96668","published_at":"2026-06-09T12:55:00Z"},{"value":"0.28933","scoring_system":"epss","scoring_elements":"0.96663","published_at":"2026-06-08T12:55:00Z"},{"value":"0.28933","scoring_system":"epss","scoring_elements":"0.96662","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5244"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/1cb846f8f54ff6f5c668f3ae64dd81740a7e8968","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T19:10:08Z/"}],"url":"https://github.com/microweber/microweber/commit/1cb846f8f54ff6f5c668f3ae64dd81740a7e8968"},{"reference_url":"https://huntr.dev/bounties/a3bd58ba-ca59-4cba-85d1-799f73a76470","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T19:10:08Z/"}],"url":"https://huntr.dev/bounties/a3bd58ba-ca59-4cba-85d1-799f73a76470"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5244","reference_id":"CVE-2023-5244","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5244"},{"reference_url":"https://github.com/advisories/GHSA-rgf9-j7gv-rq22","reference_id":"GHSA-rgf9-j7gv-rq22","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rgf9-j7gv-rq22"}],"fixed_packages":[],"aliases":["CVE-2023-5244","GHSA-rgf9-j7gv-rq22"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5dvd-bu4g-pkha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44544?format=json","vulnerability_id":"VCID-5udv-gpdc-k3he","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1081","reference_id":"","reference_type":"","scores":[{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53357","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53365","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53297","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53347","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53323","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53349","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1081"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/29d418461d8407688f2720e7b4be915e03fc16c1","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber/commit/29d418461d8407688f2720e7b4be915e03fc16c1"},{"reference_url":"https://huntr.dev/bounties/cf59deed-9d43-4552-acfd-43f38f3aabba","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/cf59deed-9d43-4552-acfd-43f38f3aabba"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1081","reference_id":"CVE-2023-1081","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1081"},{"reference_url":"https://github.com/advisories/GHSA-c2rc-8m9f-g4fh","reference_id":"GHSA-c2rc-8m9f-g4fh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c2rc-8m9f-g4fh"}],"fixed_packages":[],"aliases":["CVE-2023-1081","GHSA-c2rc-8m9f-g4fh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5udv-gpdc-k3he"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110402?format=json","vulnerability_id":"VCID-6h14-edpz-nfaf","summary":"Microweber before 1.2.21 allows attacker to bypass IP detection to brute-force password\nIn the login API, an IP address will by default be blocked when the user tries to login incorrectly more than 5 times. However, a bypass to this mechanism is possible by abusing a X-Forwarded-For header to bypass IP detection and perform a password brute-force. A patch for this issue is available in Microweber version 1.2.21.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2368","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30665","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30657","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.3064","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30672","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30704","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30738","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2368"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/53c000ccd5602536e28b15d9630eb8261b04a302","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber/commit/53c000ccd5602536e28b15d9630eb8261b04a302"},{"reference_url":"https://huntr.dev/bounties/a9595eda-a5e0-4717-8d64-b445ef83f452","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/a9595eda-a5e0-4717-8d64-b445ef83f452"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2368","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2368"},{"reference_url":"https://github.com/advisories/GHSA-9wqr-9787-p4rf","reference_id":"GHSA-9wqr-9787-p4rf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9wqr-9787-p4rf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/149042?format=json","purl":"pkg:composer/microweber/microweber@1.2.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-134y-zfv9-dfdm"},{"vulnerability":"VCID-1vkt-7xcf-jfdm"},{"vulnerability":"VCID-2s4c-twpg-xfed"},{"vulnerability":"VCID-2v1q-rcbt-skdh"},{"vulnerability":"VCID-34tz-yfnz-pqcj"},{"vulnerability":"VCID-5dvd-bu4g-pkha"},{"vulnerability":"VCID-5udv-gpdc-k3he"},{"vulnerability":"VCID-7aqf-5qq6-9kak"},{"vulnerability":"VCID-7wcg-mtsc-mqa8"},{"vulnerability":"VCID-ardw-ehgx-2uas"},{"vulnerability":"VCID-atxq-nn14-47ap"},{"vulnerability":"VCID-b3qa-cash-tbbs"},{"vulnerability":"VCID-b76c-c1bk-uqhs"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-e5ez-vpd8-hua1"},{"vulnerability":"VCID-eepv-8w3x-a7gn"},{"vulnerability":"VCID-em3c-rjmf-c7bn"},{"vulnerability":"VCID-eyny-kp2f-fqgq"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g3w8-c5z6-1yaz"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-kbqk-a5yu-6bhr"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-r4m7-g754-rkcw"},{"vulnerability":"VCID-r4sr-vyks-4ydt"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-u4de-wy5p-8kcr"},{"vulnerability":"VCID-xx51-cdfq-cucq"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zjzm-apy1-3ycu"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@1.2.21"}],"aliases":["CVE-2022-2368","GHSA-9wqr-9787-p4rf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6h14-edpz-nfaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46315?format=json","vulnerability_id":"VCID-7aqf-5qq6-9kak","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5861","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22496","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2245","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22446","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22558","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22545","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5861"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/6ed7ebf1631dd8f0780caa4151a5538f3b227d26","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T17:52:21Z/"}],"url":"https://github.com/microweber/microweber/commit/6ed7ebf1631dd8f0780caa4151a5538f3b227d26"},{"reference_url":"https://huntr.com/bounties/7baecef8-6c59-42fc-bced-886c4929e220","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T17:52:21Z/"}],"url":"https://huntr.com/bounties/7baecef8-6c59-42fc-bced-886c4929e220"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5861","reference_id":"CVE-2023-5861","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5861"},{"reference_url":"https://github.com/advisories/GHSA-7q5f-29gx-57ff","reference_id":"GHSA-7q5f-29gx-57ff","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7q5f-29gx-57ff"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67588?format=json","purl":"pkg:composer/microweber/microweber@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77rx-sfvr-n3fm"},{"vulnerability":"VCID-ardw-ehgx-2uas"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-e5ez-vpd8-hua1"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-jfpu-15p5-5uhj"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-wyrr-s3f6-wkdu"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zm9t-p349-1bff"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@2.0.0"}],"aliases":["CVE-2023-5861","GHSA-7q5f-29gx-57ff"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7aqf-5qq6-9kak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45023?format=json","vulnerability_id":"VCID-7wcg-mtsc-mqa8","summary":"Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2239","reference_id":"","reference_type":"","scores":[{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50865","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50851","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50834","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.5088","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50885","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2239"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/b0644cb3411b36b6ccc2ff7cdf7af3fa49525baa","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T19:35:13Z/"}],"url":"https://github.com/microweber/microweber/commit/b0644cb3411b36b6ccc2ff7cdf7af3fa49525baa"},{"reference_url":"https://huntr.dev/bounties/edeff16b-fc71-4e26-8d2d-dfe7bb5e7868","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T19:35:13Z/"}],"url":"https://huntr.dev/bounties/edeff16b-fc71-4e26-8d2d-dfe7bb5e7868"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2239","reference_id":"CVE-2023-2239","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2239"},{"reference_url":"https://github.com/advisories/GHSA-h83h-77x2-6w6g","reference_id":"GHSA-h83h-77x2-6w6g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h83h-77x2-6w6g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64927?format=json","purl":"pkg:composer/microweber/microweber@1.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-134y-zfv9-dfdm"},{"vulnerability":"VCID-1vkt-7xcf-jfdm"},{"vulnerability":"VCID-2v1q-rcbt-skdh"},{"vulnerability":"VCID-34tz-yfnz-pqcj"},{"vulnerability":"VCID-5dvd-bu4g-pkha"},{"vulnerability":"VCID-7aqf-5qq6-9kak"},{"vulnerability":"VCID-ardw-ehgx-2uas"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-e5ez-vpd8-hua1"},{"vulnerability":"VCID-em3c-rjmf-c7bn"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-r4m7-g754-rkcw"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@1.3.4"}],"aliases":["CVE-2023-2239","GHSA-h83h-77x2-6w6g"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7wcg-mtsc-mqa8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110424?format=json","vulnerability_id":"VCID-8syx-k5wt-ubhw","summary":"Microweber before v1.2.20 vulnerable to cross-site scripting\nPrior to Microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery (CSRF), fetch contents from same-site and redirect a user.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2353","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30646","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30686","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30719","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35693","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35667","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35652","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2353"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/79c6914bab8c9da07ac950fda17648d08c68b130","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber/commit/79c6914bab8c9da07ac950fda17648d08c68b130"},{"reference_url":"https://huntr.dev/bounties/7782c095-9e8c-48b0-a7f5-3a8f52e8af52","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/7782c095-9e8c-48b0-a7f5-3a8f52e8af52"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2353","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2353"},{"reference_url":"https://github.com/advisories/GHSA-gmh3-x5w7-jg5m","reference_id":"GHSA-gmh3-x5w7-jg5m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gmh3-x5w7-jg5m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/149065?format=json","purl":"pkg:composer/microweber/microweber@1.2.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-134y-zfv9-dfdm"},{"vulnerability":"VCID-1vkt-7xcf-jfdm"},{"vulnerability":"VCID-2s4c-twpg-xfed"},{"vulnerability":"VCID-2v1q-rcbt-skdh"},{"vulnerability":"VCID-34tz-yfnz-pqcj"},{"vulnerability":"VCID-5dvd-bu4g-pkha"},{"vulnerability":"VCID-5udv-gpdc-k3he"},{"vulnerability":"VCID-6h14-edpz-nfaf"},{"vulnerability":"VCID-7aqf-5qq6-9kak"},{"vulnerability":"VCID-7wcg-mtsc-mqa8"},{"vulnerability":"VCID-ardw-ehgx-2uas"},{"vulnerability":"VCID-atxq-nn14-47ap"},{"vulnerability":"VCID-b3qa-cash-tbbs"},{"vulnerability":"VCID-b76c-c1bk-uqhs"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-e5ez-vpd8-hua1"},{"vulnerability":"VCID-eepv-8w3x-a7gn"},{"vulnerability":"VCID-em3c-rjmf-c7bn"},{"vulnerability":"VCID-eyny-kp2f-fqgq"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g3w8-c5z6-1yaz"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-kbqk-a5yu-6bhr"},{"vulnerability":"VCID-kqgb-n43y-muaa"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-r4m7-g754-rkcw"},{"vulnerability":"VCID-r4sr-vyks-4ydt"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-u4de-wy5p-8kcr"},{"vulnerability":"VCID-xx51-cdfq-cucq"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zjzm-apy1-3ycu"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@1.2.20"}],"aliases":["CVE-2022-2353","GHSA-gmh3-x5w7-jg5m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8syx-k5wt-ubhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46520?format=json","vulnerability_id":"VCID-ardw-ehgx-2uas","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nFile Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49052","reference_id":"","reference_type":"","scores":[{"value":"0.26275","scoring_system":"epss","scoring_elements":"0.96414","published_at":"2026-06-08T12:55:00Z"},{"value":"0.26275","scoring_system":"epss","scoring_elements":"0.9642","published_at":"2026-06-09T12:55:00Z"},{"value":"0.26275","scoring_system":"epss","scoring_elements":"0.9641","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49052"},{"reference_url":"https://github.com/Cyber-Wo0dy/report/blob/main/microweber/v2.0.4/microweber_unrestricted_upload","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Cyber-Wo0dy/report/blob/main/microweber/v2.0.4/microweber_unrestricted_upload"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/Cyber-Wo0dy/CVE-2023-49052","reference_id":"CVE-2023-49052","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Cyber-Wo0dy/CVE-2023-49052"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49052","reference_id":"CVE-2023-49052","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49052"},{"reference_url":"https://github.com/advisories/GHSA-2c7x-w3mx-h7p6","reference_id":"GHSA-2c7x-w3mx-h7p6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2c7x-w3mx-h7p6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/690730?format=json","purl":"pkg:composer/microweber/microweber@2.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77rx-sfvr-n3fm"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-jfpu-15p5-5uhj"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-wyrr-s3f6-wkdu"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zm9t-p349-1bff"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@2.0.5"}],"aliases":["CVE-2023-49052","GHSA-2c7x-w3mx-h7p6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ardw-ehgx-2uas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44356?format=json","vulnerability_id":"VCID-atxq-nn14-47ap","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0608","reference_id":"","reference_type":"","scores":[{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64107","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64157","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64137","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64149","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.6416","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64151","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0608"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/20df56615e61624f5fff149849753869e4b3b936","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T20:18:49Z/"}],"url":"https://github.com/microweber/microweber/commit/20df56615e61624f5fff149849753869e4b3b936"},{"reference_url":"https://huntr.dev/bounties/02a86e0d-dff7-4e27-89d5-2f7dcd4b580c","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T20:18:49Z/"}],"url":"https://huntr.dev/bounties/02a86e0d-dff7-4e27-89d5-2f7dcd4b580c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0608","reference_id":"CVE-2023-0608","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0608"},{"reference_url":"https://github.com/advisories/GHSA-pj97-r83v-vj7f","reference_id":"GHSA-pj97-r83v-vj7f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pj97-r83v-vj7f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63787?format=json","purl":"pkg:composer/microweber/microweber@1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-134y-zfv9-dfdm"},{"vulnerability":"VCID-1vkt-7xcf-jfdm"},{"vulnerability":"VCID-2v1q-rcbt-skdh"},{"vulnerability":"VCID-34tz-yfnz-pqcj"},{"vulnerability":"VCID-5dvd-bu4g-pkha"},{"vulnerability":"VCID-5udv-gpdc-k3he"},{"vulnerability":"VCID-7aqf-5qq6-9kak"},{"vulnerability":"VCID-7wcg-mtsc-mqa8"},{"vulnerability":"VCID-ardw-ehgx-2uas"},{"vulnerability":"VCID-b76c-c1bk-uqhs"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-e5ez-vpd8-hua1"},{"vulnerability":"VCID-em3c-rjmf-c7bn"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-r4m7-g754-rkcw"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-u4de-wy5p-8kcr"},{"vulnerability":"VCID-xx51-cdfq-cucq"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zjzm-apy1-3ycu"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@1.3.2"}],"aliases":["CVE-2023-0608","GHSA-pj97-r83v-vj7f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-atxq-nn14-47ap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109549?format=json","vulnerability_id":"VCID-b3qa-cash-tbbs","summary":"Microweber vulnerable to unrestricted malicious uploads\nUnrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4732","reference_id":"","reference_type":"","scores":[{"value":"0.01113","scoring_system":"epss","scoring_elements":"0.78506","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01113","scoring_system":"epss","scoring_elements":"0.78533","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01161","scoring_system":"epss","scoring_elements":"0.78948","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01161","scoring_system":"epss","scoring_elements":"0.78959","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01161","scoring_system":"epss","scoring_elements":"0.78969","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01161","scoring_system":"epss","scoring_elements":"0.78966","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4732"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/0d279ac81052ce7ee97c18c811a9b8e912189da0","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T17:09:36Z/"}],"url":"https://github.com/microweber/microweber/commit/0d279ac81052ce7ee97c18c811a9b8e912189da0"},{"reference_url":"https://huntr.dev/bounties/d5be2e96-1f2f-4357-a385-e184cf0119aa","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T17:09:36Z/"}],"url":"https://huntr.dev/bounties/d5be2e96-1f2f-4357-a385-e184cf0119aa"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4732","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4732"},{"reference_url":"https://github.com/advisories/GHSA-8h43-xg5g-9cj7","reference_id":"GHSA-8h43-xg5g-9cj7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8h43-xg5g-9cj7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63787?format=json","purl":"pkg:composer/microweber/microweber@1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-134y-zfv9-dfdm"},{"vulnerability":"VCID-1vkt-7xcf-jfdm"},{"vulnerability":"VCID-2v1q-rcbt-skdh"},{"vulnerability":"VCID-34tz-yfnz-pqcj"},{"vulnerability":"VCID-5dvd-bu4g-pkha"},{"vulnerability":"VCID-5udv-gpdc-k3he"},{"vulnerability":"VCID-7aqf-5qq6-9kak"},{"vulnerability":"VCID-7wcg-mtsc-mqa8"},{"vulnerability":"VCID-ardw-ehgx-2uas"},{"vulnerability":"VCID-b76c-c1bk-uqhs"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-e5ez-vpd8-hua1"},{"vulnerability":"VCID-em3c-rjmf-c7bn"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-r4m7-g754-rkcw"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-u4de-wy5p-8kcr"},{"vulnerability":"VCID-xx51-cdfq-cucq"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zjzm-apy1-3ycu"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@1.3.2"}],"aliases":["CVE-2022-4732","GHSA-8h43-xg5g-9cj7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b3qa-cash-tbbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45022?format=json","vulnerability_id":"VCID-b76c-c1bk-uqhs","summary":"Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2240","reference_id":"","reference_type":"","scores":[{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.5195","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.5197","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51981","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.52002","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51992","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2240"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/f43d5b767ad5814fc5f84bbaf0b77996262f3a4b","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-04T19:34:06Z/"}],"url":"https://github.com/microweber/microweber/commit/f43d5b767ad5814fc5f84bbaf0b77996262f3a4b"},{"reference_url":"https://huntr.dev/bounties/8f595559-7b4b-4b00-954c-7a627766e203","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-04T19:34:06Z/"}],"url":"https://huntr.dev/bounties/8f595559-7b4b-4b00-954c-7a627766e203"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2240","reference_id":"CVE-2023-2240","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2240"},{"reference_url":"https://github.com/advisories/GHSA-r6xq-xcxc-fghx","reference_id":"GHSA-r6xq-xcxc-fghx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r6xq-xcxc-fghx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64927?format=json","purl":"pkg:composer/microweber/microweber@1.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-134y-zfv9-dfdm"},{"vulnerability":"VCID-1vkt-7xcf-jfdm"},{"vulnerability":"VCID-2v1q-rcbt-skdh"},{"vulnerability":"VCID-34tz-yfnz-pqcj"},{"vulnerability":"VCID-5dvd-bu4g-pkha"},{"vulnerability":"VCID-7aqf-5qq6-9kak"},{"vulnerability":"VCID-ardw-ehgx-2uas"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-e5ez-vpd8-hua1"},{"vulnerability":"VCID-em3c-rjmf-c7bn"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-r4m7-g754-rkcw"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@1.3.4"}],"aliases":["CVE-2023-2240","GHSA-r6xq-xcxc-fghx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b76c-c1bk-uqhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56449?format=json","vulnerability_id":"VCID-cyk3-wsc6-qqeh","summary":"Microweber Cross-site Scripting vulnerability\nMicroweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=admin__backup","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-33298","reference_id":"","reference_type":"","scores":[{"value":"0.01761","scoring_system":"epss","scoring_elements":"0.82983","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01761","scoring_system":"epss","scoring_elements":"0.82971","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01761","scoring_system":"epss","scoring_elements":"0.82979","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-33298"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/MathSabo/CVE-2024-33298","reference_id":"CVE-2024-33298","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-13T15:26:53Z/"}],"url":"https://github.com/MathSabo/CVE-2024-33298"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-33298","reference_id":"CVE-2024-33298","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-33298"},{"reference_url":"https://github.com/advisories/GHSA-w5g5-4jj3-8f6v","reference_id":"GHSA-w5g5-4jj3-8f6v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w5g5-4jj3-8f6v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/754902?format=json","purl":"pkg:composer/microweber/microweber@2.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77rx-sfvr-n3fm"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-jfpu-15p5-5uhj"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-wyrr-s3f6-wkdu"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zm9t-p349-1bff"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@2.0.10"}],"aliases":["CVE-2024-33298","GHSA-w5g5-4jj3-8f6v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cyk3-wsc6-qqeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55649?format=json","vulnerability_id":"VCID-dc9a-rqcd-jqfx","summary":"Microweber Reflected Cross-site scripting (XSS) vulnerability\nA Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter.","references":[{"reference_url":"http://microweber.com","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:46:28Z/"}],"url":"http://microweber.com"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-40101","reference_id":"","reference_type":"","scores":[{"value":"0.0115","scoring_system":"epss","scoring_elements":"0.78863","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0115","scoring_system":"epss","scoring_elements":"0.7886","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0115","scoring_system":"epss","scoring_elements":"0.78849","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0115","scoring_system":"epss","scoring_elements":"0.7887","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0115","scoring_system":"epss","scoring_elements":"0.78866","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-40101"},{"reference_url":"http://seclists.org/fulldisclosure/2024/Aug/1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2024/Aug/1"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/0dede6886c6df3d1f31c4f4e3ba1ab4a336fbf79","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:46:28Z/"}],"url":"https://github.com/microweber/microweber/commit/0dede6886c6df3d1f31c4f4e3ba1ab4a336fbf79"},{"reference_url":"https://seclists.org/fulldisclosure/2024/Aug/1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:46:28Z/"}],"url":"https://seclists.org/fulldisclosure/2024/Aug/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40101","reference_id":"CVE-2024-40101","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40101"},{"reference_url":"https://github.com/advisories/GHSA-m99v-mmg2-66vf","reference_id":"GHSA-m99v-mmg2-66vf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m99v-mmg2-66vf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82338?format=json","purl":"pkg:composer/microweber/microweber@2.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77rx-sfvr-n3fm"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-jfpu-15p5-5uhj"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-wyrr-s3f6-wkdu"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zm9t-p349-1bff"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@2.0.16"}],"aliases":["CVE-2024-40101","GHSA-m99v-mmg2-66vf"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dc9a-rqcd-jqfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46356?format=json","vulnerability_id":"VCID-e5ez-vpd8-hua1","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMicroweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47379","reference_id":"","reference_type":"","scores":[{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36301","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36337","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36375","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36312","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36366","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47379"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/blob/master/CHANGELOG.md","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T19:51:46Z/"}],"url":"https://github.com/microweber/microweber/blob/master/CHANGELOG.md"},{"reference_url":"https://github.com/microweber/microweber/commit/a481f079d74e82f6094abf15d67e814349d1038a","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber/commit/a481f079d74e82f6094abf15d67e814349d1038a"},{"reference_url":"https://github.com/microweber/microweber/commit/c6e7ea9d0abd7564a3bb23c14ad172e4ccf27a7e#diff-fac4e7e9eca69c10d074bf8c5eac7f64b018c6b4d91dcad54b340a8560049e00","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T19:51:46Z/"}],"url":"https://github.com/microweber/microweber/commit/c6e7ea9d0abd7564a3bb23c14ad172e4ccf27a7e#diff-fac4e7e9eca69c10d074bf8c5eac7f64b018c6b4d91dcad54b340a8560049e00"},{"reference_url":"https://www.getastra.com/blog/security-audit/stored-xss-vulnerability","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.getastra.com/blog/security-audit/stored-xss-vulnerability"},{"reference_url":"https://www.getastra.com/blog/security-audit/stored-xss-vulnerability/","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T19:51:46Z/"}],"url":"https://www.getastra.com/blog/security-audit/stored-xss-vulnerability/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47379","reference_id":"CVE-2023-47379","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47379"},{"reference_url":"https://github.com/advisories/GHSA-jmwm-w2rm-prv9","reference_id":"GHSA-jmwm-w2rm-prv9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jmwm-w2rm-prv9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67659?format=json","purl":"pkg:composer/microweber/microweber@2.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mcj-auz4-kffm"},{"vulnerability":"VCID-77rx-sfvr-n3fm"},{"vulnerability":"VCID-ardw-ehgx-2uas"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-jfpu-15p5-5uhj"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-wyrr-s3f6-wkdu"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zm9t-p349-1bff"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@2.0.3"}],"aliases":["CVE-2023-47379","GHSA-jmwm-w2rm-prv9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e5ez-vpd8-hua1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109981?format=json","vulnerability_id":"VCID-eepv-8w3x-a7gn","summary":"Microweber's title parameter in the body of POST request vulnerable to stored XSS\nIn Microweber prior to v1.3.1, the title parameter in the body of POST request when creating/editing a category is vulnerable to stored cross-site scripting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2777","reference_id":"","reference_type":"","scores":[{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33963","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34036","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34014","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34048","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.3408","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34065","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2777"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/60eef7494211d1c458228c321e986edeaa401a58","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber/commit/60eef7494211d1c458228c321e986edeaa401a58"},{"reference_url":"https://huntr.dev/bounties/13dd2f4d-0c7f-483e-a771-e1ed2ff1c36f","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/13dd2f4d-0c7f-483e-a771-e1ed2ff1c36f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2777","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2777"},{"reference_url":"https://github.com/advisories/GHSA-cf6r-q678-f2p7","reference_id":"GHSA-cf6r-q678-f2p7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cf6r-q678-f2p7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148110?format=json","purl":"pkg:composer/microweber/microweber@1.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-134y-zfv9-dfdm"},{"vulnerability":"VCID-1vkt-7xcf-jfdm"},{"vulnerability":"VCID-2s4c-twpg-xfed"},{"vulnerability":"VCID-2v1q-rcbt-skdh"},{"vulnerability":"VCID-34tz-yfnz-pqcj"},{"vulnerability":"VCID-5dvd-bu4g-pkha"},{"vulnerability":"VCID-5udv-gpdc-k3he"},{"vulnerability":"VCID-7aqf-5qq6-9kak"},{"vulnerability":"VCID-7wcg-mtsc-mqa8"},{"vulnerability":"VCID-ardw-ehgx-2uas"},{"vulnerability":"VCID-atxq-nn14-47ap"},{"vulnerability":"VCID-b3qa-cash-tbbs"},{"vulnerability":"VCID-b76c-c1bk-uqhs"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-e5ez-vpd8-hua1"},{"vulnerability":"VCID-em3c-rjmf-c7bn"},{"vulnerability":"VCID-eyny-kp2f-fqgq"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g3w8-c5z6-1yaz"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-kbqk-a5yu-6bhr"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-r4m7-g754-rkcw"},{"vulnerability":"VCID-r4sr-vyks-4ydt"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-u4de-wy5p-8kcr"},{"vulnerability":"VCID-xx51-cdfq-cucq"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zjzm-apy1-3ycu"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@1.3.1"}],"aliases":["CVE-2022-2777","GHSA-cf6r-q678-f2p7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eepv-8w3x-a7gn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46385?format=json","vulnerability_id":"VCID-em3c-rjmf-c7bn","summary":"Microweber Improper Access Control vulnerability\nImproper Access Control in GitHub repository microweber/microweber prior to 2.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5976","reference_id":"","reference_type":"","scores":[{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.2371","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23662","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23655","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23771","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23756","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5976"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/bc537ebe235bf9924c6557a46114f5f9557cd16a","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T19:05:02Z/"}],"url":"https://github.com/microweber/microweber/commit/bc537ebe235bf9924c6557a46114f5f9557cd16a"},{"reference_url":"https://huntr.com/bounties/2004e4a9-c5f6-406a-89b0-571f808882fa","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T19:05:02Z/"}],"url":"https://huntr.com/bounties/2004e4a9-c5f6-406a-89b0-571f808882fa"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5976","reference_id":"CVE-2023-5976","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5976"},{"reference_url":"https://github.com/advisories/GHSA-q57g-38pc-jwv8","reference_id":"GHSA-q57g-38pc-jwv8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q57g-38pc-jwv8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67588?format=json","purl":"pkg:composer/microweber/microweber@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77rx-sfvr-n3fm"},{"vulnerability":"VCID-ardw-ehgx-2uas"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-e5ez-vpd8-hua1"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-jfpu-15p5-5uhj"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-wyrr-s3f6-wkdu"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zm9t-p349-1bff"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@2.0.0"}],"aliases":["CVE-2023-5976","GHSA-q57g-38pc-jwv8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-em3c-rjmf-c7bn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109064?format=json","vulnerability_id":"VCID-eyny-kp2f-fqgq","summary":"Microweber vulnerable to  HTML Injection in create tag functionality\nHTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input. A patch is available on commit f20abf30a1d9c1426c5fb757ac63998dc5b92bfc and is anticipated to be part of version 1.3.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3245","reference_id":"","reference_type":"","scores":[{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62742","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62785","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62772","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62796","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62786","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3245"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/f20abf30a1d9c1426c5fb757ac63998dc5b92bfc","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-27T18:08:10Z/"}],"url":"https://github.com/microweber/microweber/commit/f20abf30a1d9c1426c5fb757ac63998dc5b92bfc"},{"reference_url":"https://huntr.dev/bounties/747c2924-95ca-4311-9e69-58ee0fb440a0","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-27T18:08:10Z/"}],"url":"https://huntr.dev/bounties/747c2924-95ca-4311-9e69-58ee0fb440a0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3245","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3245"},{"reference_url":"https://github.com/advisories/GHSA-gm8c-w9cm-c445","reference_id":"GHSA-gm8c-w9cm-c445","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gm8c-w9cm-c445"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63787?format=json","purl":"pkg:composer/microweber/microweber@1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-134y-zfv9-dfdm"},{"vulnerability":"VCID-1vkt-7xcf-jfdm"},{"vulnerability":"VCID-2v1q-rcbt-skdh"},{"vulnerability":"VCID-34tz-yfnz-pqcj"},{"vulnerability":"VCID-5dvd-bu4g-pkha"},{"vulnerability":"VCID-5udv-gpdc-k3he"},{"vulnerability":"VCID-7aqf-5qq6-9kak"},{"vulnerability":"VCID-7wcg-mtsc-mqa8"},{"vulnerability":"VCID-ardw-ehgx-2uas"},{"vulnerability":"VCID-b76c-c1bk-uqhs"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-e5ez-vpd8-hua1"},{"vulnerability":"VCID-em3c-rjmf-c7bn"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-r4m7-g754-rkcw"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-u4de-wy5p-8kcr"},{"vulnerability":"VCID-xx51-cdfq-cucq"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zjzm-apy1-3ycu"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@1.3.2"}],"aliases":["CVE-2022-3245","GHSA-gm8c-w9cm-c445"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eyny-kp2f-fqgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56447?format=json","vulnerability_id":"VCID-ffw7-eb3s-w7dt","summary":"Microweber Cross-site Scripting vulnerability\nCross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint /admin/module/view?type=users","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-33299","reference_id":"","reference_type":"","scores":[{"value":"0.01553","scoring_system":"epss","scoring_elements":"0.81797","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01553","scoring_system":"epss","scoring_elements":"0.81806","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01553","scoring_system":"epss","scoring_elements":"0.81791","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-33299"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/MathSabo/CVE-2024-33299","reference_id":"CVE-2024-33299","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-14T16:06:00Z/"}],"url":"https://github.com/MathSabo/CVE-2024-33299"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-33299","reference_id":"CVE-2024-33299","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-33299"},{"reference_url":"https://github.com/advisories/GHSA-97h9-p9f8-4p3r","reference_id":"GHSA-97h9-p9f8-4p3r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-97h9-p9f8-4p3r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/754902?format=json","purl":"pkg:composer/microweber/microweber@2.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77rx-sfvr-n3fm"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-jfpu-15p5-5uhj"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-wyrr-s3f6-wkdu"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zm9t-p349-1bff"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@2.0.10"}],"aliases":["CVE-2024-33299","GHSA-97h9-p9f8-4p3r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ffw7-eb3s-w7dt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109446?format=json","vulnerability_id":"VCID-g3w8-c5z6-1yaz","summary":"Microweber vulnerable to Reflected Cross-site Scripting\nMicroweber versions 1.3.1 and prior are vulnerable to Reflected Cross-site Scripting (XSS). A patch is available on the 1.4, dev, and laravel-sail branches.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4617","reference_id":"","reference_type":"","scores":[{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41354","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41334","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41323","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41305","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41381","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41385","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4617"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/df8add930ecfa7f5b18c67c3f748c137fe890906","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-14T14:21:05Z/"}],"url":"https://github.com/microweber/microweber/commit/df8add930ecfa7f5b18c67c3f748c137fe890906"},{"reference_url":"https://huntr.dev/bounties/1fb2ce08-7016-45fa-b402-ec08d700e4df","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-14T14:21:05Z/"}],"url":"https://huntr.dev/bounties/1fb2ce08-7016-45fa-b402-ec08d700e4df"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4617","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4617"},{"reference_url":"https://github.com/advisories/GHSA-3mmh-vq9w-4c3g","reference_id":"GHSA-3mmh-vq9w-4c3g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3mmh-vq9w-4c3g"}],"fixed_packages":[],"aliases":["CVE-2022-4617","GHSA-3mmh-vq9w-4c3g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g3w8-c5z6-1yaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56798?format=json","vulnerability_id":"VCID-g698-yeg3-33cv","summary":"Microweber vulnerable to XSS attack due to insure `group` component in its Settings handler\nA vulnerability was found in Microweber 2.0.19. It has been rated as problematic. This issue affects some unknown processing of the file userfiles/modules/settings/group/website_group/index.php of the component Settings Handler. The manipulation of the argument group leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2214","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32231","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32254","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32329","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32298","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32261","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2214"},{"reference_url":"https://github.com/Fewword/Poc/blob/main/microweber/mwb-poc1.md","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"},{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T13:37:00Z/"}],"url":"https://github.com/Fewword/Poc/blob/main/microweber/mwb-poc1.md"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://vuldb.com/?ctiid.299285","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"},{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T13:37:00Z/"}],"url":"https://vuldb.com/?ctiid.299285"},{"reference_url":"https://vuldb.com/?id.299285","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"},{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T13:37:00Z/"}],"url":"https://vuldb.com/?id.299285"},{"reference_url":"https://vuldb.com/?submit.512032","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"},{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T13:37:00Z/"}],"url":"https://vuldb.com/?submit.512032"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2214","reference_id":"CVE-2025-2214","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2214"},{"reference_url":"https://github.com/advisories/GHSA-hcgh-r5gq-6qc2","reference_id":"GHSA-hcgh-r5gq-6qc2","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hcgh-r5gq-6qc2"}],"fixed_packages":[],"aliases":["CVE-2025-2214","GHSA-hcgh-r5gq-6qc2"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g698-yeg3-33cv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50026?format=json","vulnerability_id":"VCID-jbsw-p37m-8bat","summary":"Microweber has a Cross-site Scripting vulnerability\nCross-site Scripting vulnerability in the \"/admin/order/abandoned\" endpoint of Microweber 2.0.19. An attacker can manipulate the \"orderDirection\" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was reported to the developers and fixed in version 2.0.20.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-70791","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05798","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05806","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0723","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07217","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07261","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-70791"},{"reference_url":"https://gist.github.com/TimRecktenwald/9615b9915a4cacda9f57bb57f13ab6d4","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T20:52:24Z/"}],"url":"https://gist.github.com/TimRecktenwald/9615b9915a4cacda9f57bb57f13ab6d4"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/aa0791fc286d785ccd33ccc706f7bb3ed05b1d7f","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T20:52:24Z/"}],"url":"https://github.com/microweber/microweber/commit/aa0791fc286d785ccd33ccc706f7bb3ed05b1d7f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-70791","reference_id":"CVE-2025-70791","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-70791"},{"reference_url":"https://github.com/advisories/GHSA-5jg5-xqfw-rv92","reference_id":"GHSA-5jg5-xqfw-rv92","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5jg5-xqfw-rv92"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73880?format=json","purl":"pkg:composer/microweber/microweber@2.0.20","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@2.0.20"}],"aliases":["CVE-2025-70791","GHSA-5jg5-xqfw-rv92"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jbsw-p37m-8bat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109123?format=json","vulnerability_id":"VCID-kbqk-a5yu-6bhr","summary":"Microweber Cross-site Scripting can result in redirection to a malicious site\nMicroweber versions 1.3.1 and prior are vulnerable to HTML injection that an attacker can use to redirect someone to a malicious site. A patch is available at commit 68f0721571653db865a5fa01c7986642c82e919c and expected to be part of version 1.3.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3242","reference_id":"","reference_type":"","scores":[{"value":"0.19791","scoring_system":"epss","scoring_elements":"0.95562","published_at":"2026-06-04T12:55:00Z"},{"value":"0.19791","scoring_system":"epss","scoring_elements":"0.95579","published_at":"2026-06-09T12:55:00Z"},{"value":"0.19791","scoring_system":"epss","scoring_elements":"0.95575","published_at":"2026-06-08T12:55:00Z"},{"value":"0.19791","scoring_system":"epss","scoring_elements":"0.95574","published_at":"2026-06-07T12:55:00Z"},{"value":"0.19791","scoring_system":"epss","scoring_elements":"0.95572","published_at":"2026-06-06T12:55:00Z"},{"value":"0.19791","scoring_system":"epss","scoring_elements":"0.95569","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3242"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/68f0721571653db865a5fa01c7986642c82e919c","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T13:56:48Z/"}],"url":"https://github.com/microweber/microweber/commit/68f0721571653db865a5fa01c7986642c82e919c"},{"reference_url":"https://huntr.dev/bounties/3e6b218a-a5a6-40d9-9f7e-5ab0c6214faf","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T13:56:48Z/"}],"url":"https://huntr.dev/bounties/3e6b218a-a5a6-40d9-9f7e-5ab0c6214faf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3242","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3242"},{"reference_url":"https://github.com/advisories/GHSA-232p-59mg-f98p","reference_id":"GHSA-232p-59mg-f98p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-232p-59mg-f98p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63787?format=json","purl":"pkg:composer/microweber/microweber@1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-134y-zfv9-dfdm"},{"vulnerability":"VCID-1vkt-7xcf-jfdm"},{"vulnerability":"VCID-2v1q-rcbt-skdh"},{"vulnerability":"VCID-34tz-yfnz-pqcj"},{"vulnerability":"VCID-5dvd-bu4g-pkha"},{"vulnerability":"VCID-5udv-gpdc-k3he"},{"vulnerability":"VCID-7aqf-5qq6-9kak"},{"vulnerability":"VCID-7wcg-mtsc-mqa8"},{"vulnerability":"VCID-ardw-ehgx-2uas"},{"vulnerability":"VCID-b76c-c1bk-uqhs"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-e5ez-vpd8-hua1"},{"vulnerability":"VCID-em3c-rjmf-c7bn"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-r4m7-g754-rkcw"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-u4de-wy5p-8kcr"},{"vulnerability":"VCID-xx51-cdfq-cucq"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zjzm-apy1-3ycu"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@1.3.2"}],"aliases":["CVE-2022-3242","GHSA-232p-59mg-f98p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kbqk-a5yu-6bhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110421?format=json","vulnerability_id":"VCID-kqgb-n43y-muaa","summary":"Microweber before 1.2.21 vulnerable to reflected XSS\nMicroweber prior to 1.2.21 is vulnerable to reflected cross-site scripting (XSS).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2470","reference_id":"","reference_type":"","scores":[{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.66229","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.66277","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.66259","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.66273","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.66289","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.6628","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2470"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/d28655183800b833abb20ccd55e1628f16ff65e4","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber/commit/d28655183800b833abb20ccd55e1628f16ff65e4"},{"reference_url":"https://huntr.dev/bounties/3f1f679c-c243-431c-8ed0-e61543b9921b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/3f1f679c-c243-431c-8ed0-e61543b9921b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2470","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2470"},{"reference_url":"https://github.com/advisories/GHSA-cfcg-2qgr-v243","reference_id":"GHSA-cfcg-2qgr-v243","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cfcg-2qgr-v243"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/149042?format=json","purl":"pkg:composer/microweber/microweber@1.2.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-134y-zfv9-dfdm"},{"vulnerability":"VCID-1vkt-7xcf-jfdm"},{"vulnerability":"VCID-2s4c-twpg-xfed"},{"vulnerability":"VCID-2v1q-rcbt-skdh"},{"vulnerability":"VCID-34tz-yfnz-pqcj"},{"vulnerability":"VCID-5dvd-bu4g-pkha"},{"vulnerability":"VCID-5udv-gpdc-k3he"},{"vulnerability":"VCID-7aqf-5qq6-9kak"},{"vulnerability":"VCID-7wcg-mtsc-mqa8"},{"vulnerability":"VCID-ardw-ehgx-2uas"},{"vulnerability":"VCID-atxq-nn14-47ap"},{"vulnerability":"VCID-b3qa-cash-tbbs"},{"vulnerability":"VCID-b76c-c1bk-uqhs"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-e5ez-vpd8-hua1"},{"vulnerability":"VCID-eepv-8w3x-a7gn"},{"vulnerability":"VCID-em3c-rjmf-c7bn"},{"vulnerability":"VCID-eyny-kp2f-fqgq"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g3w8-c5z6-1yaz"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-kbqk-a5yu-6bhr"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-r4m7-g754-rkcw"},{"vulnerability":"VCID-r4sr-vyks-4ydt"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-u4de-wy5p-8kcr"},{"vulnerability":"VCID-xx51-cdfq-cucq"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zjzm-apy1-3ycu"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@1.2.21"}],"aliases":["CVE-2022-2470","GHSA-cfcg-2qgr-v243"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kqgb-n43y-muaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50025?format=json","vulnerability_id":"VCID-pkwt-7cf8-7qet","summary":"Microweber Cross-site Scripting vulnerability\nThere is a Cross-site Scripting vulnerability in the \"/admin/category/create\" endpoint of Microweber 2.0.19. An attacker can manipulate the \"rel_id\" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was reported to the developers and fixed in version 2.0.20.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-70792","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05806","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05798","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07217","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07261","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0723","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-70792"},{"reference_url":"https://gist.github.com/TimRecktenwald/f4b0d1edbb87e75c17c639ca0bacba57","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T20:49:30Z/"}],"url":"https://gist.github.com/TimRecktenwald/f4b0d1edbb87e75c17c639ca0bacba57"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/aa0791fc286d785ccd33ccc706f7bb3ed05b1d7f","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T20:49:30Z/"}],"url":"https://github.com/microweber/microweber/commit/aa0791fc286d785ccd33ccc706f7bb3ed05b1d7f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-70792","reference_id":"CVE-2025-70792","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-70792"},{"reference_url":"https://github.com/advisories/GHSA-6w5w-jx4x-vjvw","reference_id":"GHSA-6w5w-jx4x-vjvw","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6w5w-jx4x-vjvw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73880?format=json","purl":"pkg:composer/microweber/microweber@2.0.20","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@2.0.20"}],"aliases":["CVE-2025-70792","GHSA-6w5w-jx4x-vjvw"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pkwt-7cf8-7qet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46579?format=json","vulnerability_id":"VCID-r4m7-g754-rkcw","summary":"Microweber Business Logic Errors\nBusiness Logic Errors in GitHub repository microweber/microweber prior to 2.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6566","reference_id":"","reference_type":"","scores":[{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32065","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32055","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32032","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32133","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32102","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6566"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/eee0c6771e152022a91089a547272c8a542bb74e","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber/commit/eee0c6771e152022a91089a547272c8a542bb74e"},{"reference_url":"https://huntr.com/bounties/cf4b68b5-8d97-4d05-9cde-e76b1a414fd6","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.com/bounties/cf4b68b5-8d97-4d05-9cde-e76b1a414fd6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6566","reference_id":"CVE-2023-6566","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6566"},{"reference_url":"https://github.com/advisories/GHSA-3rpx-pgmf-j96h","reference_id":"GHSA-3rpx-pgmf-j96h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3rpx-pgmf-j96h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67588?format=json","purl":"pkg:composer/microweber/microweber@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77rx-sfvr-n3fm"},{"vulnerability":"VCID-ardw-ehgx-2uas"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-e5ez-vpd8-hua1"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-jfpu-15p5-5uhj"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-wyrr-s3f6-wkdu"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zm9t-p349-1bff"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@2.0.0"}],"aliases":["CVE-2023-6566","GHSA-3rpx-pgmf-j96h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r4m7-g754-rkcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109363?format=json","vulnerability_id":"VCID-r4sr-vyks-4ydt","summary":"Microweber vulnerable to Stored Cross-Site Scripting\nMicroweber versions 1.3.1 and prior are vulnerable to stored Cross-site Scripting (XSS). A patch is available on the 1.4, dev, and laravel-sail branches.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4647","reference_id":"","reference_type":"","scores":[{"value":"0.00544","scoring_system":"epss","scoring_elements":"0.68159","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00544","scoring_system":"epss","scoring_elements":"0.6816","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00544","scoring_system":"epss","scoring_elements":"0.68144","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00544","scoring_system":"epss","scoring_elements":"0.68118","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00544","scoring_system":"epss","scoring_elements":"0.68158","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00544","scoring_system":"epss","scoring_elements":"0.68166","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4647"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/20df56615e61624f5fff149849753869e4b3b936","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-09T18:17:49Z/"}],"url":"https://github.com/microweber/microweber/commit/20df56615e61624f5fff149849753869e4b3b936"},{"reference_url":"https://huntr.dev/bounties/ccdd243d-726c-4199-b742-25c571491242","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-09T18:17:49Z/"}],"url":"https://huntr.dev/bounties/ccdd243d-726c-4199-b742-25c571491242"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4647","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4647"},{"reference_url":"https://github.com/advisories/GHSA-9cmm-52cv-6hvc","reference_id":"GHSA-9cmm-52cv-6hvc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9cmm-52cv-6hvc"}],"fixed_packages":[],"aliases":["CVE-2022-4647","GHSA-9cmm-52cv-6hvc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r4sr-vyks-4ydt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56448?format=json","vulnerability_id":"VCID-t6md-pczt-57ef","summary":"Microweber Cross-site Scripting vulnerability\nCross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name (Internal Name) field in the Add new campaign function","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-33297","reference_id":"","reference_type":"","scores":[{"value":"0.01414","scoring_system":"epss","scoring_elements":"0.80916","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01414","scoring_system":"epss","scoring_elements":"0.80929","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01414","scoring_system":"epss","scoring_elements":"0.8091","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01414","scoring_system":"epss","scoring_elements":"0.80913","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01414","scoring_system":"epss","scoring_elements":"0.80914","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-33297"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/MathSabo/CVE-2024-33297","reference_id":"CVE-2024-33297","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-14T15:56:41Z/"}],"url":"https://github.com/MathSabo/CVE-2024-33297"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-33297","reference_id":"CVE-2024-33297","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-33297"},{"reference_url":"https://github.com/advisories/GHSA-j4v9-cm37-h7c2","reference_id":"GHSA-j4v9-cm37-h7c2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j4v9-cm37-h7c2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/754902?format=json","purl":"pkg:composer/microweber/microweber@2.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-77rx-sfvr-n3fm"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-jfpu-15p5-5uhj"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-wyrr-s3f6-wkdu"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zm9t-p349-1bff"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@2.0.10"}],"aliases":["CVE-2024-33297","GHSA-j4v9-cm37-h7c2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t6md-pczt-57ef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44861?format=json","vulnerability_id":"VCID-u4de-wy5p-8kcr","summary":"Improper Neutralization of Special Elements used in a Command ('Command Injection')\nCommand Injection in GitHub repository microweber/microweber prior to 1.3.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1877","reference_id":"","reference_type":"","scores":[{"value":"0.04671","scoring_system":"epss","scoring_elements":"0.89529","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04671","scoring_system":"epss","scoring_elements":"0.89545","published_at":"2026-06-09T12:55:00Z"},{"value":"0.04671","scoring_system":"epss","scoring_elements":"0.89526","published_at":"2026-06-07T12:55:00Z"},{"value":"0.04671","scoring_system":"epss","scoring_elements":"0.8951","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04671","scoring_system":"epss","scoring_elements":"0.89528","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1877"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/93a906d0bf096c3ab1674012a90c88d101e76c8d","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T20:41:00Z/"}],"url":"https://github.com/microweber/microweber/commit/93a906d0bf096c3ab1674012a90c88d101e76c8d"},{"reference_url":"https://huntr.dev/bounties/71fe4b3b-20ac-448c-8191-7b99d7ffaf55","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T20:41:00Z/"}],"url":"https://huntr.dev/bounties/71fe4b3b-20ac-448c-8191-7b99d7ffaf55"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1877","reference_id":"CVE-2023-1877","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1877"},{"reference_url":"https://github.com/advisories/GHSA-582p-2fpg-x226","reference_id":"GHSA-582p-2fpg-x226","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-582p-2fpg-x226"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64542?format=json","purl":"pkg:composer/microweber/microweber@1.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-134y-zfv9-dfdm"},{"vulnerability":"VCID-1vkt-7xcf-jfdm"},{"vulnerability":"VCID-2v1q-rcbt-skdh"},{"vulnerability":"VCID-34tz-yfnz-pqcj"},{"vulnerability":"VCID-5dvd-bu4g-pkha"},{"vulnerability":"VCID-7aqf-5qq6-9kak"},{"vulnerability":"VCID-7wcg-mtsc-mqa8"},{"vulnerability":"VCID-ardw-ehgx-2uas"},{"vulnerability":"VCID-b76c-c1bk-uqhs"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-e5ez-vpd8-hua1"},{"vulnerability":"VCID-em3c-rjmf-c7bn"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-r4m7-g754-rkcw"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@1.3.3"}],"aliases":["CVE-2023-1877","GHSA-582p-2fpg-x226"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u4de-wy5p-8kcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44867?format=json","vulnerability_id":"VCID-xx51-cdfq-cucq","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1881","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49694","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49737","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.4972","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.4975","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49767","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49758","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1881"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/8d039de2d615956f6df8df0bb1045ff3be88f183","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T19:49:59Z/"}],"url":"https://github.com/microweber/microweber/commit/8d039de2d615956f6df8df0bb1045ff3be88f183"},{"reference_url":"https://huntr.dev/bounties/d5ebc2bd-8638-41c4-bf72-7c906c601344","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T19:49:59Z/"}],"url":"https://huntr.dev/bounties/d5ebc2bd-8638-41c4-bf72-7c906c601344"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1881","reference_id":"CVE-2023-1881","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1881"},{"reference_url":"https://github.com/advisories/GHSA-hhjm-mpmf-cxg9","reference_id":"GHSA-hhjm-mpmf-cxg9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hhjm-mpmf-cxg9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64542?format=json","purl":"pkg:composer/microweber/microweber@1.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-134y-zfv9-dfdm"},{"vulnerability":"VCID-1vkt-7xcf-jfdm"},{"vulnerability":"VCID-2v1q-rcbt-skdh"},{"vulnerability":"VCID-34tz-yfnz-pqcj"},{"vulnerability":"VCID-5dvd-bu4g-pkha"},{"vulnerability":"VCID-7aqf-5qq6-9kak"},{"vulnerability":"VCID-7wcg-mtsc-mqa8"},{"vulnerability":"VCID-ardw-ehgx-2uas"},{"vulnerability":"VCID-b76c-c1bk-uqhs"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-e5ez-vpd8-hua1"},{"vulnerability":"VCID-em3c-rjmf-c7bn"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-r4m7-g754-rkcw"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@1.3.3"}],"aliases":["CVE-2023-1881","GHSA-hhjm-mpmf-cxg9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xx51-cdfq-cucq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55644?format=json","vulnerability_id":"VCID-ye1c-995f-uffg","summary":"Microweber Cross Site Scripting (XSS) vulnerability\nMicroweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\\modules\\tags\\add_tagging_tagged.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41380","reference_id":"","reference_type":"","scores":[{"value":"0.01293","scoring_system":"epss","scoring_elements":"0.80055","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01293","scoring_system":"epss","scoring_elements":"0.80035","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01293","scoring_system":"epss","scoring_elements":"0.80044","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01293","scoring_system":"epss","scoring_elements":"0.8005","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01293","scoring_system":"epss","scoring_elements":"0.80045","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41380"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/issues/1111","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T18:44:06Z/"}],"url":"https://github.com/microweber/microweber/issues/1111"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41380","reference_id":"CVE-2024-41380","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41380"},{"reference_url":"https://github.com/advisories/GHSA-hf66-xfgj-42g8","reference_id":"GHSA-hf66-xfgj-42g8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hf66-xfgj-42g8"}],"fixed_packages":[],"aliases":["CVE-2024-41380","GHSA-hf66-xfgj-42g8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ye1c-995f-uffg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44944?format=json","vulnerability_id":"VCID-zjzm-apy1-3ycu","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2014","reference_id":"","reference_type":"","scores":[{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54972","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54952","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54971","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54981","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2014"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/1a9b904722b35b00653c6ae72dca2969149159b3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:37:48Z/"}],"url":"https://github.com/microweber/microweber/commit/1a9b904722b35b00653c6ae72dca2969149159b3"},{"reference_url":"https://huntr.dev/bounties/a77bf7ed-6b61-452e-b5ee-e20017e28d1a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:37:48Z/"}],"url":"https://huntr.dev/bounties/a77bf7ed-6b61-452e-b5ee-e20017e28d1a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2014","reference_id":"CVE-2023-2014","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2014"},{"reference_url":"https://github.com/advisories/GHSA-f4g6-c47x-qhww","reference_id":"GHSA-f4g6-c47x-qhww","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f4g6-c47x-qhww"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64542?format=json","purl":"pkg:composer/microweber/microweber@1.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-134y-zfv9-dfdm"},{"vulnerability":"VCID-1vkt-7xcf-jfdm"},{"vulnerability":"VCID-2v1q-rcbt-skdh"},{"vulnerability":"VCID-34tz-yfnz-pqcj"},{"vulnerability":"VCID-5dvd-bu4g-pkha"},{"vulnerability":"VCID-7aqf-5qq6-9kak"},{"vulnerability":"VCID-7wcg-mtsc-mqa8"},{"vulnerability":"VCID-ardw-ehgx-2uas"},{"vulnerability":"VCID-b76c-c1bk-uqhs"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-e5ez-vpd8-hua1"},{"vulnerability":"VCID-em3c-rjmf-c7bn"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-r4m7-g754-rkcw"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@1.3.3"}],"aliases":["CVE-2023-2014","GHSA-f4g6-c47x-qhww"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zjzm-apy1-3ycu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55625?format=json","vulnerability_id":"VCID-zmbt-5sbt-9fe4","summary":"Microweber Cross Site Scripting (XSS) vulnerability\nMicroweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\\modules\\settings\\admin.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41381","reference_id":"","reference_type":"","scores":[{"value":"0.0119","scoring_system":"epss","scoring_elements":"0.79177","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0119","scoring_system":"epss","scoring_elements":"0.79188","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0119","scoring_system":"epss","scoring_elements":"0.79196","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0119","scoring_system":"epss","scoring_elements":"0.79191","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41381"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/issues/1110","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:07:48Z/"}],"url":"https://github.com/microweber/microweber/issues/1110"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41381","reference_id":"CVE-2024-41381","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41381"},{"reference_url":"https://github.com/advisories/GHSA-h4xf-wx99-jmv4","reference_id":"GHSA-h4xf-wx99-jmv4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h4xf-wx99-jmv4"}],"fixed_packages":[],"aliases":["CVE-2024-41381","GHSA-h4xf-wx99-jmv4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zmbt-5sbt-9fe4"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110475?format=json","vulnerability_id":"VCID-bq4d-7vyh-2bdv","summary":"Cross-site Scripting in microweber\nCross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2280","reference_id":"","reference_type":"","scores":[{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55576","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55589","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55583","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55557","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55527","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2280"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/9ebbb4dd35da74025ab6965f722829a7f8f86566","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber/commit/9ebbb4dd35da74025ab6965f722829a7f8f86566"},{"reference_url":"https://huntr.dev/bounties/22561bfd-a28f-474e-9bfd-7263c1b71133","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/22561bfd-a28f-474e-9bfd-7263c1b71133"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2280","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2280"},{"reference_url":"https://github.com/advisories/GHSA-5pg2-qg87-vmj7","reference_id":"GHSA-5pg2-qg87-vmj7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5pg2-qg87-vmj7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/149133?format=json","purl":"pkg:composer/microweber/microweber@1.2.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-134y-zfv9-dfdm"},{"vulnerability":"VCID-1uhd-zk26-67fq"},{"vulnerability":"VCID-1vkt-7xcf-jfdm"},{"vulnerability":"VCID-2s4c-twpg-xfed"},{"vulnerability":"VCID-2v1q-rcbt-skdh"},{"vulnerability":"VCID-34tz-yfnz-pqcj"},{"vulnerability":"VCID-5dvd-bu4g-pkha"},{"vulnerability":"VCID-5udv-gpdc-k3he"},{"vulnerability":"VCID-6h14-edpz-nfaf"},{"vulnerability":"VCID-7aqf-5qq6-9kak"},{"vulnerability":"VCID-7wcg-mtsc-mqa8"},{"vulnerability":"VCID-8syx-k5wt-ubhw"},{"vulnerability":"VCID-ardw-ehgx-2uas"},{"vulnerability":"VCID-atxq-nn14-47ap"},{"vulnerability":"VCID-b3qa-cash-tbbs"},{"vulnerability":"VCID-b76c-c1bk-uqhs"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-e5ez-vpd8-hua1"},{"vulnerability":"VCID-eepv-8w3x-a7gn"},{"vulnerability":"VCID-em3c-rjmf-c7bn"},{"vulnerability":"VCID-eyny-kp2f-fqgq"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g3w8-c5z6-1yaz"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-kbqk-a5yu-6bhr"},{"vulnerability":"VCID-kqgb-n43y-muaa"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-r4m7-g754-rkcw"},{"vulnerability":"VCID-r4sr-vyks-4ydt"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-u4de-wy5p-8kcr"},{"vulnerability":"VCID-xx51-cdfq-cucq"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zjzm-apy1-3ycu"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@1.2.19"}],"aliases":["CVE-2022-2280","GHSA-5pg2-qg87-vmj7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bq4d-7vyh-2bdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110780?format=json","vulnerability_id":"VCID-mhbj-vxny-tkhx","summary":"Open Redirect in microweber\nOpen Redirect in GitHub repository microweber/microweber prior to 1.2.19.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2252","reference_id":"","reference_type":"","scores":[{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38627","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38675","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38664","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38692","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.3872","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38717","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2252"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/187e949daf7dea6f10b80da70988f0f86444eeff","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber/commit/187e949daf7dea6f10b80da70988f0f86444eeff"},{"reference_url":"https://huntr.dev/bounties/4d394bcc-a000-4f96-8cd2-8c565e1347e8","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/4d394bcc-a000-4f96-8cd2-8c565e1347e8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2252","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2252"},{"reference_url":"https://github.com/advisories/GHSA-437j-5qc3-c589","reference_id":"GHSA-437j-5qc3-c589","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-437j-5qc3-c589"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/149133?format=json","purl":"pkg:composer/microweber/microweber@1.2.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-134y-zfv9-dfdm"},{"vulnerability":"VCID-1uhd-zk26-67fq"},{"vulnerability":"VCID-1vkt-7xcf-jfdm"},{"vulnerability":"VCID-2s4c-twpg-xfed"},{"vulnerability":"VCID-2v1q-rcbt-skdh"},{"vulnerability":"VCID-34tz-yfnz-pqcj"},{"vulnerability":"VCID-5dvd-bu4g-pkha"},{"vulnerability":"VCID-5udv-gpdc-k3he"},{"vulnerability":"VCID-6h14-edpz-nfaf"},{"vulnerability":"VCID-7aqf-5qq6-9kak"},{"vulnerability":"VCID-7wcg-mtsc-mqa8"},{"vulnerability":"VCID-8syx-k5wt-ubhw"},{"vulnerability":"VCID-ardw-ehgx-2uas"},{"vulnerability":"VCID-atxq-nn14-47ap"},{"vulnerability":"VCID-b3qa-cash-tbbs"},{"vulnerability":"VCID-b76c-c1bk-uqhs"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-e5ez-vpd8-hua1"},{"vulnerability":"VCID-eepv-8w3x-a7gn"},{"vulnerability":"VCID-em3c-rjmf-c7bn"},{"vulnerability":"VCID-eyny-kp2f-fqgq"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g3w8-c5z6-1yaz"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-kbqk-a5yu-6bhr"},{"vulnerability":"VCID-kqgb-n43y-muaa"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-r4m7-g754-rkcw"},{"vulnerability":"VCID-r4sr-vyks-4ydt"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-u4de-wy5p-8kcr"},{"vulnerability":"VCID-xx51-cdfq-cucq"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zjzm-apy1-3ycu"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@1.2.19"}],"aliases":["CVE-2022-2252","GHSA-437j-5qc3-c589"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mhbj-vxny-tkhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110505?format=json","vulnerability_id":"VCID-qpam-xy9j-7kcz","summary":"Cross-site Scripting in microweber\nCross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2300","reference_id":"","reference_type":"","scores":[{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39532","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39622","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39618","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39581","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39566","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39594","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2300"},{"reference_url":"https://github.com/microweber/microweber","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber"},{"reference_url":"https://github.com/microweber/microweber/commit/70b46e231e7b2c113666745a0ab6de9a8b7ef08e","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microweber/microweber/commit/70b46e231e7b2c113666745a0ab6de9a8b7ef08e"},{"reference_url":"https://huntr.dev/bounties/882d6cf9-64f5-4614-a873-a3030473c817","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/882d6cf9-64f5-4614-a873-a3030473c817"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2300","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2300"},{"reference_url":"https://github.com/advisories/GHSA-q6mp-562x-ggvv","reference_id":"GHSA-q6mp-562x-ggvv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q6mp-562x-ggvv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/149133?format=json","purl":"pkg:composer/microweber/microweber@1.2.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-134y-zfv9-dfdm"},{"vulnerability":"VCID-1uhd-zk26-67fq"},{"vulnerability":"VCID-1vkt-7xcf-jfdm"},{"vulnerability":"VCID-2s4c-twpg-xfed"},{"vulnerability":"VCID-2v1q-rcbt-skdh"},{"vulnerability":"VCID-34tz-yfnz-pqcj"},{"vulnerability":"VCID-5dvd-bu4g-pkha"},{"vulnerability":"VCID-5udv-gpdc-k3he"},{"vulnerability":"VCID-6h14-edpz-nfaf"},{"vulnerability":"VCID-7aqf-5qq6-9kak"},{"vulnerability":"VCID-7wcg-mtsc-mqa8"},{"vulnerability":"VCID-8syx-k5wt-ubhw"},{"vulnerability":"VCID-ardw-ehgx-2uas"},{"vulnerability":"VCID-atxq-nn14-47ap"},{"vulnerability":"VCID-b3qa-cash-tbbs"},{"vulnerability":"VCID-b76c-c1bk-uqhs"},{"vulnerability":"VCID-cyk3-wsc6-qqeh"},{"vulnerability":"VCID-dc9a-rqcd-jqfx"},{"vulnerability":"VCID-e5ez-vpd8-hua1"},{"vulnerability":"VCID-eepv-8w3x-a7gn"},{"vulnerability":"VCID-em3c-rjmf-c7bn"},{"vulnerability":"VCID-eyny-kp2f-fqgq"},{"vulnerability":"VCID-ffw7-eb3s-w7dt"},{"vulnerability":"VCID-g3w8-c5z6-1yaz"},{"vulnerability":"VCID-g698-yeg3-33cv"},{"vulnerability":"VCID-jbsw-p37m-8bat"},{"vulnerability":"VCID-kbqk-a5yu-6bhr"},{"vulnerability":"VCID-kqgb-n43y-muaa"},{"vulnerability":"VCID-pkwt-7cf8-7qet"},{"vulnerability":"VCID-r4m7-g754-rkcw"},{"vulnerability":"VCID-r4sr-vyks-4ydt"},{"vulnerability":"VCID-t6md-pczt-57ef"},{"vulnerability":"VCID-u4de-wy5p-8kcr"},{"vulnerability":"VCID-xx51-cdfq-cucq"},{"vulnerability":"VCID-ye1c-995f-uffg"},{"vulnerability":"VCID-zjzm-apy1-3ycu"},{"vulnerability":"VCID-zmbt-5sbt-9fe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@1.2.19"}],"aliases":["CVE-2022-2300","GHSA-q6mp-562x-ggvv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qpam-xy9j-7kcz"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/microweber/microweber@1.2.19"}